What Would Be A Good Vulnerability Management Program


EXL 


It is always GOOD to know your weaknesses... and it's the BEST to take care of them in time!


Minimize the risk around vulnerable systems and vulnerabilities by identifying the vulnerabilities correctly and quickly, and by prioritizing efforts towards the high-risk items first.

Areas of Focus for a Good Vulnerability Management Program

Sound Inventory Management System & Practices (A)

Speed and Efficacy of Vulnerability Identification (B)

Risk Prioritization around Relevant Aspects (C)

Promptness in Remediation (D)

Important Questions To Get You There

Is my inventory always up-to-date?

How soon do I get to know about my vulnerable systems?

Which are the potential low-hanging fruits?

How much time do I have to patch the vulnerabilities?
- SLA for Closure

Which are my important assets?
- Crown Jewels

Which all systems are suffering from critical vulnerabilities?

Which are being exploited globally?

Is there enough bandwidth to patch all vulnerabilities?

Which of my important assets are significantly vulnerable?

Are these vulnerabilities confirmed?

Which vulnerabilities have a known exploit available?

So, which vulnerabilities should I patch first?

EXL’s Vulnerability Management Program Maturity Synopsis

Coverage (Which all systems are under scope): All Production Environment | Both - Prod and Non-Prod

Depth (Outside vs inside view): Unauthenticated Scans, Remote scanning | Authenticated Scans, Local (Cloud Agent) scanning, Policy Compliance

Frequency (How soon to assess the environment): Periodic (YY, QQ, MM) | Real-time

Independence (Who should do the assessments): InfoSec Team | Technology Team, InfoSec Team

LifeCycle (Pre-Production vs Post-Production): Ongoing | Pre-Production + Ongoing

Response Priority (Which one to focus on): Same SLA for Internal & External + Critical and High Severity + Public Facing | Differentiated SLAs + Asset Criticality (Context) + Risk Intelligence (Context) + Threat Intel (Context)

Risk and Context Driven — Remediation Approach

[Diagram. Sources: VAPT, AppSec, Off Sec Testing, Cyber Drills, Red Team, BitSight. Stages: Vulnerabilities; Vulnerabilities basis CVSS Score; Risk Intel Applied; Active Attacks; Prioritized Vulnerabilities; Vulnerabilities basis Risk Intel]

RISK VIEW OF THE VULNERABILITIES

[Dashboard screenshot: LATEST THREATS FROM LIVE FEED; columns: Title, Impacted, Severity, Published]

Next Level - Risk Intel + Threat Intel

[Diagram. Threat Intel sources: Fire Eye CTI, HP RepSM, Malware Analysis, MSSP Intel. Other labels: Threat Intel; Cyber Defense Center; Backdoor; Vulnerabilities basis Risk Intel]

Risk Intel + Threat Intel = P0 Tickets

ACHIEVED BENEFITS

- Comprehensive Coverage of Threat Landscape
- Real Time Risk Status & Dashboard
- Lesser False Positives
- Prioritized Real Critical Risks Remediation
- Self Capable Technology Team - no dependency on InfoSec team
- Quick Identification, Remediation and Validations
- Centralized Policy Compliance management
- Higher Team Efficiency through Technology Automation and Process Enhancement